mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.3 KiB
1.3 KiB
CVE-2023-25734
Description
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1809923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1810143
Github
No PoCs found on GitHub currently.